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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 
1.17(e) has been timely paid, the finality of the previous Office action has been 
withdrawn pursuant to 37 CFR 1.1 14. Applicant's submission filed on June 20, 208 has 
been entered. 

2. The applicant canceled claims 1-25 and added new claims 26-44. 

3. Claims 26-44 have been examined and are pending. 

Claim Objections 

4. Claim 40 is objected to because of the following informalities: claim 40 recite "The 
computer readable medium of claim 40"; however, claim 40 is rather directed to a system. 
Appropriate correction is required. 



Response to Arguments 

5. Applicant's arguments with respect to claims 26-44 have been considered but are moot in 
view of the new ground(s) of rejection. 
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Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 26-44 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mukherjee 
et al. (hereinafter referred to as Mukherjee, US Pub. No.: 2004/0006708 Al) in view of Cheline 
et al. (hereinafter referred to as Cheline, US Pub No.: 2003/0041 136 Al). 

As per claim 26: 

Mukherjee discloses a method in a packet forwarder, comprising: 
receiving a connection request from a computing device requesting access to a network (0050; 
Figure 4A: 404); 

issuing the computing device a first Internet Protocol (IP) address assigned to a first Virtual 
Local Area Network (VLAN) communicably interfaced with the packet forwarder, 
wherein the first VLAN does not provide access to the network and is isolated from a 
permanent VLAN that provides access to the network (Figure 2: 108; 0006; 0026; 0030; 
0034); 

sending the computing device an authentication request via the first VLAN based on the first IP 
address, responsive to the connection request (0025; 0051; 0067); 

receiving authentication credentials from the computing device via the first VLAN, responsive to 
the authentication request (0025; 0051; 0067); and 
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forwarding network packets between the computing device and the network over the permanent 
VLAN based on the replacement IP address (0053; 0067). 

Mukherjee does not explicitly disclose issuing the computing device a replacement IP 
address assigned to the permanent VLAN for communication with the network, responsive to 
receiving satisfactory authentication credentials from the computing device. Cheline, in 
analogous art however, disclose issuing the computing device a replacement IP address assigned 
to the permanent VLAN for communication with the network, responsive to receiving 
satisfactory authentication credentials from the computing device (0051; 0055; 0056; 0068; 
0071). Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Mukherjee to include issuing 
the computing device a replacement IP address assigned to the permanent VLAN for 
communication with the network, responsive to receiving satisfactory authentication credentials 
from the computing device. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated by the desire to provide a computer 
implemented method for remotely configuring a Virtual Private Network (VPN) between a 
client-side system and a server-side system as suggested by Cheline (as suggested 0016). 

As per claim 27: 

Mukherjee disclose a method, wherein receiving the connection request from the 
computing device requesting access to the network comprises: intercepting a request from the 
computing device for a web page (figure 5: IPSG router and VISA device). 
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As per claim 28: 

Cheline disclose a method, wherein sending the computing device the authentication 
request comprises: directing the computing device to a network login page for authentication, the 
network login page accessible on the first VLAN (figure 3B: 328, 331, 332). 

As per claim 29: 

Cheline disclose a method, wherein receiving the authentication credentials from the 
computing device via the first VLAN, responsive to the authentication request comprises: 
receiving at least a user name and a password from the computing device based on information 
captured by the network login page (figure 3B: 328, 331, 332; 334). 

As per claim 30: 

Cheline disclose a method, wherein directing the computing device to the network login 
page for authentication comprises: responding to the computing device with a redirect to a 
Uniform Resource Locator (URL) address for the network login page (0057). 

As per claim 3 1 : 

Mukherjee disclose a method, further comprising: sending the authentication credentials 
to an authentication server; and receiving an indication from the authentication server that the 
authentication credentials are authentic and that a user associated with the authentication 
credentials is authorized to access the network (figure 4a: 408-418; 0025; 0039; 0051). 
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As per claim 32: 

Cheline disclose a method, wherein sending the authentication credentials to the 
authentication server comprises: creating a packet comprising the authentication credentials in 
accordance with a Remote Authentication Dial-In User Service (RADIUS) communications 
protocol; and forwarding the packet to a RADIUS server for authentication (0043; 0044). 

As per claim 33: 

Mukherjee disclose a method, wherein the packet forwarder comprises a switch device 
located at an edge of the network to provide packet-forwarding services into the network (figure 
1: 102). 

As per claim 34: 

Mukherjee disclose a method, further comprising: 
terminating forwarding of the network packets between the computing device and the network 

based on one or more events including (0035; 0052; 0064): 
exceeding a pre-determined period of inactivity by the computing device (0035; 0052; 0064); 
receiving a reset signal is from a network login controller communicably interfaced with the 

packet forwarder (0035; 0052; 0064); 
receiving a termination command from an administrator account requesting forwarding of the 

network packets between the computing device and the network be terminated; 
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determining a network connection between the computing device and the packet 
forwarder is disconnected (0035; 0052; 0064); and 
determining a user of the computing device has logged off of the computing device(0035; 0052; 
0064). 



As per claim 35: 

Mukherjee disclose a computer-readable medium having instructions stored thereon that, 
when executed by a processor, cause the processor to perform a method comprising: 

receiving a connection request at a packet forwarder from a computing device requesting 

access to a network (0050; Figure 4A: 404); 
issuing the computing device a first Internet Protocol (IP) address assigned to a first 

Virtual Local Area Network (VLAN) communicably interfaced with the packet 

forwarder, wherein the first VLAN does not provide access to the network and is 

isolated from a permanent VLAN that provides access to the network (Figure 2: 

108; 0006; 0026; 0030; 0034); 
sending the computing device an authentication request via the first VLAN based on the 

first IP address, responsive to the connection request (0025; 0051; 0067); 
receiving authentication credentials from the computing device via the first VLAN, 

responsive to the authentication request (0053; 0067); and 
forwarding network packets between the computing device and the network over the 

permanent VLAN based on the replacement IP address (0025; 005 1 ; 0067). 
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Mukherjee does not explicitly disclose issuing the computing device a replacement IP 
address assigned to the permanent VLAN for communication with the network, responsive to 
receiving satisfactory authentication credentials from the computing device. Cheline, in 
analogous art however, disclose issuing the computing device a replacement IP address assigned 
to the permanent VLAN for communication with the network, responsive to receiving 
satisfactory authentication credentials from the computing device (0051; 0055; 0056; 0068; 
0071). Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the method disclosed by Mukherjee to include issuing 
the computing device a replacement IP address assigned to the permanent VLAN for 
communication with the network, responsive to receiving satisfactory authentication credentials 
from the computing device. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated by the desire to provide a computer 
implemented method for remotely configuring a Virtual Private Network (VPN) between a 
client-side system and a server-side system as suggested by Cheline (as suggested 0016). 

As per claim 36: 

Mukherjee disclose a computer-readable medium, wherein receiving the connection 
request from the computing device requesting access to the network comprises: intercepting a 
request from the computing device for a web page (figure 5: IPSG router and VISA device). 



As per claim 37: 
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Cheline disclose a computer-readable medium, wherein: sending the computing device 
the authentication request comprises directing the computing device to a network login page for 
authentication, the network login page accessible on the first VLAN; and wherein receiving the 
authentication credentials from the computing device via the first VLAN, responsive to the 
authentication request comprises receiving user identification data from the computing device 
based on information captured by the network login page (figure 3B: 328, 331, 332, 334). 

As per claim 38: 

Cheline disclose a computer-readable medium, wherein directing the computing device 
to the network login page for authentication comprises: responding to the computing device with 
a redirect to a Uniform Resource Locator (URL) address for the network login page (0057). 

As per claim 39: 

Cheline disclose a computer-readable medium, further comprising: sending the 
authentication credentials to a Remote Authentication Dial In User Service (RADIUS) 
compatible authentication server; and receiving an indication from the RADIUS compatible 
authentication server that the authentication credentials are authentic and that a user associated 
with the authentication credentials is authorized to access the network (0043; 0044). 



As per claim 40: 

Mukherjee disclose a system comprising: 
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means for receiving a connection request at a packet forwarder from a computing device 

requesting access to a network (0050; Figure 4A: 404); 
means for issuing the computing device a first Internet Protocol (IP) address assigned to a 

first Virtual Local Area Network (VLAN) communicably interfaced with the 

packet forwarder, wherein the first VLAN does not provide access to the network 

and is isolated from a permanent VLAN that provides access to the network 

(Figure 2: 108; 0006; 0026; 0030; 0034); 
means for sending the computing device an authentication request via the first VLAN 

based on the first IP address, responsive to the connection request (0025; 0051; 

0067); 

means for receiving authentication credentials from the computing device via the first 
VLAN, responsive to the authentication request (0053; 0067); 

means for forwarding network packets between the computing device and the network 
over the permanent VLAN based on the replacement IP address (0025; 0051; 
0067). 

Mukherjee does not explicitly disclose means for issuing the computing device a 
replacement IP address assigned to the permanent VLAN for communication with the network, 
responsive to receiving satisfactory authentication credentials from the computing device. 
Cheline, in analogous art however, disclose means for issuing the computing device a 
replacement IP address assigned to the permanent VLAN for communication with the network, 
responsive to receiving satisfactory authentication credentials from the computing device (005 1 ; 
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0055; 0056; 0068; 0071). Therefore, it would have been obvious to a person having ordinary 
skill in the art at the time the invention was made to modify the method disclosed by 
Mukherjee to include means for issuing the computing device a replacement IP address assigned 
to the permanent VLAN for communication with the network, responsive to receiving 
satisfactory authentication credentials from the computing device. This modification would have 
been obvious because a person having ordinary skill in the art would have been motivated by 
the desire to provide a computer implemented method for remotely configuring a Virtual 
Private Network (VPN) between a client-side system and a server-side system as suggested by 
Che line (as suggested 0016). 

As per claim 41: 

Mukherjee disclose a computer-readable medium, wherein receiving the connection 
request from the computing device requesting access to the network comprises: means for 
intercepting a request from the computing device for a web page (figure 5: IPSG router and 
VISA device). 

As per claim 42: 

Cheline disclose a system, wherein: sending the computing device the authentication 
request comprises means for directing the computing device to a network login page for 
authentication, the network login page accessible on the first VLAN; and wherein receiving the 
authentication credentials from the computing device via the first VLAN, responsive to the 
authentication request comprises means for receiving a user identification card from the 
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computing device based on information captured by the network login page (figure 3B : 328, 33 1 , 
332, 334). 

As per claim 43: 

Cheline disclose a system, wherein directing the computing device to the network login 
page for authentication comprises: means for responding to the computing device with a redirect 
to a Uniform Resource Locator (URL) address for the network login page (0057). 

As per claim 44: 

Cheline disclose a system, further comprising: means for sending the authentication 
credentials to a Remote Authentication Dial In User Service (RADIUS) compatible 
authentication server; and means for receiving an indication from the RADIUS compatible 
authentication server that the authentication credentials are authentic and that a user associated 
with the authentication credentials is authorized to access the network (0043; 0044). 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See the notice of reference cited in form PTO-892 for additional prior art. 

Contact Information 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784 
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and fax number is (571) 273-3784. The examiner can normally be reached on 9:00am - 6:00pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization 
where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

IT. J. G.I 

Examiner, Art Unit 2137 



/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



